The new TAG-100 threat operation has exploited known security flaws in internet-facing systems, including Microsoft Exchange Server, SonicWall, and F5 BIG-IP instances, and deployed the open-source Pantegana and Spark RAT backdoors as part of a cyberespionage campaign against private and government organizations in the U.S. and other parts of the world, according to The Hacker News. TAG-100 further intensified its targeting of U.S. organizations in mid-April with reconnaissance intrusions leveraging CVE-2024-3400, the maximum-severity remote code execution flaw impacting Palo Alto Networks GlobalProtect firewalls, facilitating the deployment of Pantegana, Spark RAT, and Cobalt Strike Beacon, an analysis from Recorded Future's Insikt Group revealed. "The widespread targeting of internet-facing appliances is particularly attractive because it offers a foothold within the targeted network via products that often have limited visibility, logging capabilities, and support for traditional security solutions, reducing the risk of detection post-exploitation," said Recorded Future researchers.
Network Security, Vulnerability Management
Global cyberespionage campaign launched by novel TAG-100 operation
